one record to be redirected to a specific IP
Hello all, I plan to use BIND as caching DNS. But I need to could redirect a specific record to a specific IP. How can I do this? This redirection must only be applied for one record. Ex: a query for www.ABCD.com must be answered by the IP I have choosen. The redirection must not be applied on all the domain ABCD.COM Can you help? Can you give an example of config file to do this? Thanks in advance, Hugo, _ Surfez en toute sécurité: téléchargez Internet Explorer 8 http://www.microsoft.com/belux/fr/windows/internet-explorer/___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: [ga] Re: Resolving .gov w/dnssec
On Fri, Apr 23, 2010 at 12:15 AM, Hugh Dierker hdierker2...@yahoo.comwrote: Fair trade is necessary trade. Unnecessary tradeoffs are lame. I agree. It is a tradeoff and not fair trade. These problems are not necessary -- except that they are within the given framework of lack of motivation to do better. It comes down to this, if we set our standards outside of competitive models there is no incentive to do better. ICANN, the Dnssec and this SAIC are working within government sanctioned slobbery, both intellectual and economic slobbery. I used to think it was snobbery, now I know it is a laziness born of shovel leaning bureaucrats. You may be kind and call it make work but would you call intentional fraud make work? Buggy whips and Railroad fireman is what this is. Again I agree. DNSSEC is a snow job by committee. SAIC is a joke. I root server in Beijing is still down. Where is SAIC on that. The plan I am putting together for the inculsives will generate some new fire under the pants of these obstructionists and they will find that a better mousetrap can be built. Thank you - I and my TLD holders thank you. regards joe baptista --- On *Thu, 4/22/10, Joe Baptista bapti...@publicroot.org* wrote: From: Joe Baptista bapti...@publicroot.org Subject: [ga] Re: Resolving .gov w/dnssec To: c...@cam.ac.uk, g...@gnso.icann.org GA g...@gnso.icann.org Cc: Paul Wouters p...@xelerance.com, Bind Users Mailing List bind-users@lists.isc.org, Timothe Litt l...@acm.org Date: Thursday, April 22, 2010, 8:07 AM Looks like the future of the DNSSEC make work project includes resolution failures here and there. More security - less stability - guaranteed slavery. I wounder if it's a fair trade. we'll see .. regards joe baptista On Thu, Apr 22, 2010 at 10:52 AM, Chris Thompson c...@cam.ac.ukhttp://us.mc529.mail.yahoo.com/mc/compose?to=c...@cam.ac.uk wrote: On Apr 22 2010, Paul Wouters wrote: On Thu, 22 Apr 2010, Timothe Litt wrote: I'm having trouble resolving uspto.gov with bind 9.6.1-P3 and 9.6-ESV configured as valdidating resolvers. Using dig, I get a connection timeout error after a long (~10 sec) delay. +cdflag provides an immediate response. Is anyone else seeing this? Ideas on how to troubleshoot? I have the same problems with our validating unbound instance. I suspect that this has to do with dig +dnssec +norec dnskey uspto.gov @dns1.uspto.gov. dig +dnssec +norec dnskey uspto.gov @sns2.uspto.gov. failing with timeouts, while dig +dnssec +norec +vc dnskey uspto.gov @ dns1.uspto.gov. dig +dnssec +norec +vc dnskey uspto.gov @dns2.uspto.gov. work fine ... with a 1736-byte answer. Probably the fragmented UDP response is getting lost somewhere near the authoritative servers themselves. -- Chris Thompson Email: c...@cam.ac.ukhttp://us.mc529.mail.yahoo.com/mc/compose?to=c...@cam.ac.uk ___ bind-users mailing list bind-users@lists.isc.orghttp://us.mc529.mail.yahoo.com/mc/compose?to=bind-us...@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Joe Baptista www.publicroot.org PublicRoot Consortium The future of the Internet is Open, Transparent, Inclusive, Representative Accountable to the Internet community @large. Office: +1 (360) 526-6077 (extension 052) Fax: +1 (509) 479-0084 Personal: http://baptista.cynikal.net/ ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Resolving .gov w/dnssec
On 04/22/10 18:48, Timothe Litt wrote: I get a connection timed out; no servers could be reached after the Truncated, retrying in TCP mode even with +bufsiz=512 I get a correct response when I use +bufsiz=512. After Truncated, retrying in TCP mode I get a response, but apparently you don't. I am not blocking tcp/53. In fact, telnet dns1.uspto.gov 53 will happily establish a connection :-) I'm on a fiber (Verizon FiOS business) circuit - given that others are seeing this over a wide geography, seems like the investigation needs to start closer to the .gov servers... Certainly for the UDP fragmentation issue that's true. Everyone seems to be having that problem. But you seem to be the only one having the problem where you can't receive TCP even if you set a low bufsize. I can fallback to TCP just fine as long as I set a low bufsize. If you're into numerology, 1736 is 1500 + 236 -- with a 20 byte header on the 236, you get 256 for the fragement - which is mildly curious. Folks on DSL should remember that their magic number is less than 1500 bytes (1492 is common, as is 1453). ...which makes me think that there is a PMTUD issue in your situation. You can establish a TCP connection, but perhaps you receive a larger packet than you can actually receive and you can't signal that you can't receive such a packet because someone is blocking ICMP on the path between you and uspto.gov. Only a packet trace will even begin to yield some clues there. *If* that's true, that, combined with the UDP fragment blockage just makes me think: My, how we've gunked up the Internet. michael ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: one record to be redirected to a specific IP
On 04/23/10 08:15, hugo hugoo wrote: Hello all, I plan to use BIND as caching DNS. But I need to could redirect a specific record to a specific IP. How can I do this? This redirection must only be applied for one record. Ex: a query for www.ABCD.com http://www.ABCD.com must be answered by the IP I have choosen. The redirection must not be applied on all the domain ABCD.COM Can you help? Can you give an example of config file to do this? You need to create a zone for just that record. In named.conf: zone www.abcd.com { type master; file /etc/namedb/master/www.abcd.com; }; For the file line above replace the path to indicate where your actual zone files are stored. In the zone file, you would do this: $TTL 3h www.abcd.com. SOA localhost. nobody.localhost. 42 1d 12h 1w 10m ; Serial, Refresh, Retry, Expire, Neg. cache TTL NS localhost. A 1.2.3.4 Hope this helps, Doug -- ... and that's just a little bit of history repeating. -- Propellerheads Improve the effectiveness of your Internet presence with a domain name makeover!http://SupersetSolutions.com/ ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: delegating subname.localdomain to 127.0.0.2 on the client machine?
On Wed, 21 Apr 2010, Barry Margolin wrote: The scenario is a farm of sendmail + RBL servers that have independent management and databases, but a single bind server. Sendmail etc. would do a lookup of 78.56.34.12.rbl.localdomain and it would look at localhost on 127.0.0.2, where the local RBL service listens. You need to run a caching nameserver on the sendmail machines, and point them to 127.0.0.1 in /etc/resolv.conf. The stub resolver doesn't follow delegations, it sends recursive queries and expects the server to do all the work. Actually this is not working still. Am I wasting my time? rbldnsd listens on 127.0.0.2 and answers right when queried directly for something like 1.139.214.85.countries.rbl.localdomain. named listens on 127.0.0.1, set in /etc/resolv.conf, and answers all other queries correctly, including 'horta.localdomain' set up in example below, so I know it is reading in the zone file. However, named will not delegate *.rbl.localdomain zones, and gives NXDOMAIN. Help? Thanks --mark-- // named.conf acl localdomain { 127.0.0.0/8; }; options { listen-on port 53 { 127.0.0.1; }; // listen-on-v6 port 53 { ::1; }; directory /var/named; dump-file /var/named/data/cache_dump.db; statistics-file /var/named/data/named_stats.txt; memstatistics-file /var/named/data/named_mem_stats.txt; // Those options should be used carefully because they disable port // randomization // query-sourceport 53; // query-source-v6 port 53; // our nameservers... forwarders { 192.168.9.86; 192.168.9.35; }; allow-transfer { localdomain; }; allow-recursion { localdomain; }; allow-query { localdomain; }; allow-query-cache { localdomain; }; }; logging { channel default_debug { file data/named.run; severity debug; }; }; view localhost_resolver { match-clients { localdomain; }; match-destinations { localdomain; }; recursion yes; include /etc/named.rfc1912.zones; }; // named.rfc1912.zones excerpt: zone localdomain IN { type master; file localdomain.zone; allow-update { none; }; }; # localdomain.zone $TTL900 @ IN SOA localhost root ( 2010042302 ; serial 5m ; refresh 5m ; retry 30m ; expiry 5m ; minimum cache ) IN NS localhost.localdomain. IN NS rbldnsd.localdomain. localhost IN A127.0.0.1 horta IN A 127.0.0.3 ; delegate rbl zones to rbl localhost ip. ; rbl listens on 127.0.0.2 so this does not cause a lookup loop. rbldnsd IN A127.0.0.2 rbl.localdomain.IN NS rbldnsd.localdomain. rbl.localdomain.IN A127.0.0.2 ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users